BUG: unable to handle page fault for address: ffffde20277fc1cb #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 11834 Comm: syz-executor.0 Not tainted 5.1.0+ #12 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:iptunnel_xmit_stats include/net/ip_tunnels.h:444 [inline] RIP: 0010:iptunnel_xmit+0x6e5/0x970 net/ipv4/ip_tunnel_core.c:94 Code: c1 e9 03 80 3c 11 00 0f 85 72 02 00 00 48 03 1c c5 60 70 6f 88 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 5d 02 00 00 48 8d 7b 10 4d 63 e4 48 b8 00 00 00 RSP: 0000:ffff8880ae909878 EFLAGS: 00010a02 RAX: dffffc0000000000 RBX: ffff11013bfe0e40 RCX: 1ffffffff10dee0d RDX: 1fffe220277fc1cb RSI: ffffffff833521fc RDI: ffff11013bfe0e58 RBP: ffff8880ae9098d8 R08: ffff88808ebf6640 R09: ffffed1015d26be0 R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: 00000000000000fc R13: ffff8880894a6100 R14: ffff88808e93e9d4 R15: ffff888062815980 FS: 0000000001731940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffde20277fc1cb CR3: 0000000065701000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: udp_tunnel_xmit_skb+0x236/0x310 net/ipv4/udp_tunnel.c:191 tipc_udp_xmit.isra.0+0x805/0xcc0 net/tipc/udp_media.c:181 tipc_udp_send_msg+0x295/0x4a0 net/tipc/udp_media.c:247 tipc_bearer_xmit_skb+0x172/0x360 net/tipc/bearer.c:503 tipc_disc_timeout+0x933/0xd60 net/tipc/discover.c:332 call_timer_fn+0x196/0x720 kernel/time/timer.c:1322 expire_timers kernel/time/timer.c:1366 [inline] __run_timers kernel/time/timer.c:1685 [inline] __run_timers kernel/time/timer.c:1653 [inline] run_timer_softirq+0x66f/0x1740 kernel/time/timer.c:1698 __do_softirq+0x266/0x95a kernel/softirq.c:293 invoke_softirq kernel/softirq.c:374 [inline] irq_exit+0x180/0x1d0 kernel/softirq.c:414 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1067 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:806 RIP: 0010:check_preemption_disabled lib/smp_processor_id.c:14 [inline] RIP: 0010:debug_smp_processor_id+0x10/0x280 lib/smp_processor_id.c:57 Code: 96 3b 74 fe e9 a4 fe ff ff e8 8c 3b 74 fe e9 78 fe ff ff 0f 1f 80 00 00 00 00 55 48 89 e5 41 56 41 55 41 54 53 e8 10 b8 3b fe <65> 44 8b 25 58 6f cc 7c 65 8b 1d a9 db cc 7c 81 e3 ff ff ff 7f 31 RSP: 0000:ffff88806a99f6b0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 RAX: ffff88808ebf6640 RBX: 0000000000035e40 RCX: ffffffff817c0bb8 RDX: 0000000000000000 RSI: ffffffff833521d0 RDI: 0000000000000001 RBP: ffff88806a99f6d0 R08: ffff88808ebf6640 R09: ffffed1015d26be0 R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: 0000000000000000 R13: 0000000000000000 R14: ffff88808ebf6640 R15: ffff88809e063e00 rcu_dynticks_curr_cpu_in_eqs+0x17/0xb0 kernel/rcu/tree.c:290 rcu_is_watching+0x10/0x30 kernel/rcu/tree.c:872 rcu_read_unlock include/linux/rcupdate.h:645 [inline] is_bpf_text_address+0xe9/0x170 kernel/bpf/core.c:714 kernel_text_address+0x73/0xf0 kernel/extable.c:152 __kernel_text_address+0xd/0x40 kernel/extable.c:107 unwind_get_return_address arch/x86/kernel/unwind_frame.c:18 [inline] unwind_get_return_address+0x61/0xa0 arch/x86/kernel/unwind_frame.c:13 arch_stack_walk+0x9d/0xf0 arch/x86/kernel/stacktrace.c:26 stack_trace_save+0xac/0xe0 kernel/stacktrace.c:122 save_stack+0x23/0x90 mm/kasan/common.c:71 set_track mm/kasan/common.c:79 [inline] __kasan_kmalloc mm/kasan/common.c:489 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:462 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:497 slab_post_alloc_hook mm/slab.h:437 [inline] slab_alloc mm/slab.c:3357 [inline] kmem_cache_alloc+0x11a/0x6f0 mm/slab.c:3519 anon_vma_alloc mm/rmap.c:82 [inline] __anon_vma_prepare+0x1b1/0x3c0 mm/rmap.c:190 anon_vma_prepare include/linux/rmap.h:153 [inline] do_huge_pmd_anonymous_page+0x105f/0x1730 mm/huge_memory.c:696 create_huge_pmd mm/memory.c:3701 [inline] __handle_mm_fault+0x2d5e/0x3ec0 mm/memory.c:3905 handle_mm_fault+0x43f/0xb30 mm/memory.c:3971 do_user_addr_fault arch/x86/mm/fault.c:1457 [inline] __do_page_fault+0x5ef/0xda0 arch/x86/mm/fault.c:1523 do_page_fault+0x71/0x581 arch/x86/mm/fault.c:1554 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1142 RIP: 0033:0x4400b1 Code: 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e 88 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e <66> 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e RSP: 002b:00007ffc401270c8 EFLAGS: 00010202 RAX: 00000000200f8000 RBX: 0000000000740000 RCX: 00000000000039cd RDX: 0000000000000006 RSI: 0000000000740020 RDI: 00000000200f8000 RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000004 R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000740008 R13: 00000000004beb4b R14: 0000000000000000 R15: 00007ffc401272c0 Modules linked in: CR2: ffffde20277fc1cb ---[ end trace 5ca092427854fbb9 ]--- RIP: 0010:iptunnel_xmit_stats include/net/ip_tunnels.h:444 [inline] RIP: 0010:iptunnel_xmit+0x6e5/0x970 net/ipv4/ip_tunnel_core.c:94 Code: c1 e9 03 80 3c 11 00 0f 85 72 02 00 00 48 03 1c c5 60 70 6f 88 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 5d 02 00 00 48 8d 7b 10 4d 63 e4 48 b8 00 00 00 RSP: 0000:ffff8880ae909878 EFLAGS: 00010a02 RAX: dffffc0000000000 RBX: ffff11013bfe0e40 RCX: 1ffffffff10dee0d RDX: 1fffe220277fc1cb RSI: ffffffff833521fc RDI: ffff11013bfe0e58 RBP: ffff8880ae9098d8 R08: ffff88808ebf6640 R09: ffffed1015d26be0 R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: 00000000000000fc R13: ffff8880894a6100 R14: ffff88808e93e9d4 R15: ffff888062815980 FS: 0000000001731940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffde20277fc1cb CR3: 0000000065701000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400